Ransom-ware on Windows Server? Virtual Screen Desktop Lock by Toplang

It looks like my 2008 Windows Server may have been hacked. I am the admin, although not real experienced at it, and came in today to find that the Server had been rebooted.

When I tried to log in, it came up with a screen that looked somewhat like a desktop, but was a program calling itself "Virtual Screen" by a company called "Toplang".

The effect of the Virtual Screen is that I am locked out of my Server unless I enter an admin password, which needless to say I don't have, since I have never seen or heard of this program before.

The reason that I think it might be ransom-ware, is that when I go onto the Toplang website and look at their FAQs, under lost admin password, it says:

Frequently Asked Questions

Global Questions

Q: I have lost my admin password?

A: For our access control products, if you have lost your admin password, you can contact us for support.

NOTE: None can get your admin password back if you have lost it, and there are also no backdoor password in any of those products. This service works in a different way by creating a dynamic, temporary password.

Please click here to get control back if you have lost your admin password.

You cannot know if it is scam or not until you contact them or they are known scammer, nothing on internet search suggests they are scammer. Check your hardware vendor if they included this product when they sold you the server. Contact toplan by submitting to their contact form if needed.

Also try rebooting server in safe mode, if you can login in safe mode, set the application or service to not to load on startup and reboot in normal mode

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

That did it! I did a registry edit to undo the changes shown on the Dr. Web summary sheet and that allowed me to boot the server without the Trojan. Now, I'm following the removal process on the link you provided. Thanks Expert Exchange!

Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…